Security & Compliance at SurveyAnalytica
Security and privacy are foundational to SurveyAnalytica. This page describes the certifications, regulatory commitments, and technical practices that protect your data across Research, CX, Campaigns, Automation, and Analytics.
ISO/IEC 27001
SurveyAnalytica is ISO/IEC 27001 certified. Our information security management system covers the SurveyAnalytica platform and the processes that support it, and is independently audited against the international standard for information security. Certification details and audit reports are available on request via support@surveyanalytica.com.
GDPR
SurveyAnalytica is GDPR compliant. We support data-subject rights — including access, rectification, erasure, portability, and objection — and respond to requests within the statutory timelines. A Data Processing Agreement (DPA) is available on request.
Data Protection Practices
We apply layered technical and organizational controls to keep customer data safe:
- Encryption in transit: all traffic is served over TLS.
- Encryption at rest: customer data is encrypted at rest.
- Infrastructure: hosted on Google Cloud (us-central1).
- Role-based access control across organizations, teams, and workspaces.
- Multi-factor authentication (MFA) support for user accounts.
Subprocessors
We use a small set of subprocessors to deliver the service:
- Google Cloud Platform — hosting, storage, and data processing.
- Stripe — payment processing.
- Amazon Web Services (SES) — transactional email delivery.
Responsible Disclosure
If you believe you have found a security vulnerability in SurveyAnalytica, please report it to support@surveyanalytica.com. We acknowledge reports promptly and ask that you give us a reasonable opportunity to remediate before any public disclosure.